Millennials tend not to think twice when they're asked for information. A website requests their birthday, and they type it in automatically. Next, their hometown? Here it is, no problem. And account number? Coming right up.
A recent Gallup poll found 18- to 34-year-olds are OK with turning over their data because they think businesses are keeping it safe. Experts said this naive belief has a variety of causes, such as millennials' upbringing, inexperience and apathy, but it is all likely to end in one result: fraud. In an age where data breaches are growing in size and frequency, experts said young people need to start caring about protecting their information.
"It's as though they've hung up the do not disturb sign," said Neal O'Farrell, founder of the Identity Theft Council, a San Francisco nonprofit that helps victims of fraud. "I just don't think they either understand the consequences or are worried about them."
The Gallup poll, released Monday, found that 44 percent of millennials said they thought businesses were keeping their personal information private "all" or "most of" the time. But as Americans' ages climbed, so did their apprehension. Generation Xers, the baby boomers and traditionalists responded with varying degrees of skepticism. More than a third of traditionalists, or people over age 70, told Gallup they thought companies kept their data private "little" or "none of" the time.
Millennials' optimism can be blamed first on how they were raised, said William Kresse, a professor specializing in fraud examination and forensic accounting at Governors State University in Chicago. They're digital natives who grew up around technology. Because many youths have never lived in a world without data storage systems like iCloud, they inherently trust them. Older people tend to be skeptical of these new technologies, which makes them more reluctant to divulge information, Kresse said.
"If you are a digital native, this is second nature, and you feel that 'I've gotten through OK so far. This won't happen to me,' " he added. "The truth of the matter is it will probably happen to everyone sooner or later."
At the same time, hackers and fraudsters are targeting older people, who Kresse said often have more money and are easier to scam. The elderly are also less likely to report fraud because they're embarrassed or don't know how, the FBI says.
Public data breaches, as when 40 million Target shoppers' credit and debit card information was leaked in 2013 or hackers published hundreds of celebrity photos in 2014, mean little to millennials who have no experience with the phenomenon, said Murat Kantarcioglu, the director of the University of Texas at Dallas' Data Security and Privacy Lab. The issue is difficult for them to grasp unless they or someone they know has been affected.
Without this, young people don't see information sharing as negative. Companies promote their data-mining techniques as a way to customize users' experiences, Kantarcioglu said. Millennials don't mind seeing targeted ads or receiving special coupons relevant to their interests. They don't recognize fraud as a serious threat, so they end up freely giving away their private information.
"You've got a generation that's what I call promiscuous with their data," said Chris Rouland, the founder of data security startup Bastille in Atlanta. In a 2013 survey from the University of Southern California's Annenberg Center for the Digital Future in Los Angeles, about 70 percent of millennials said they agreed with the statement "No one should ever be allowed to have access to my personal data or web behavior." But half of them said they'd share data with businesses "as long as I get something in return."
Social media is an example of this. Facebook, which had more than 930 million active users in March, requires a first and last name, email address, birthday and gender to sign up. Young people readily turn over this information without considering that the company might sell the data. They need to be reminded that "anything that's free or inexpensive on the Internet generally means you're the product," Rouland said.
These factors likely won't change soon. But even though millennials don't care now, they may later, he added. They might try to buy a house and find out their credit score has been wrecked. Or they might apply for a job and get called out by an employer for indecent social media content.
Generation Z, which includes people under 18, might become the biggest casualty of the youth attitude toward security. More so than millennials, they've grown up in an era where everyone shares everything, said the Identity Theft Council's O'Farrell. They might not realize they should care about keeping some things private.
Young people should be vigilant about who has their data and what they do with it, he said. They should ask themselves: Is this company legitimate? Am I sure it will guard the data? Is there another way to accomplish this?
O'Farrell said that at very least, Gen Z, millennials and others need to use encryption services that protect their browsing activity and be careful about who receives their personal information. "The bad guys have a huge amount of data that the allegedly good guys have been collecting but not protecting," he added. "We are getting to a point where there's nothing about us that strangers won't be able to know."